
Example 1 with CreateSecretRequestV2

Use of keywhiz.api.automation.v2.CreateSecretRequestV2 in project keywhiz by square.

Class SecretResource, method createSecret (the server-side handler for POST /automation/v2/secrets).

/**
   * Creates a secret and assigns to given groups
   *
   * @excludeParams automationClient
   * @param request JSON request to create a secret
   *
   * @responseMessage 201 Created secret and assigned to given groups
   * @responseMessage 409 Secret already exists
   */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createSecret(@Auth AutomationClient automationClient,
    @Valid CreateSecretRequestV2 request) {
    // allows new version, return version in resulting path
    String name = request.name();
    String user = automationClient.getName();
    SecretBuilder builder = secretController
        .builder(name, request.content(), user, request.expiry())
        .withDescription(request.description())
        .withMetadata(request.metadata())
        .withType(request.type());
    Secret secret;
    try {
        secret = builder.create();
    } catch (DataAccessException e) {
        logger.info(format("Cannot create secret %s", name), e);
        throw new ConflictException(format("Cannot create secret %s.", name));
    }
    Map<String, String> extraInfo = new HashMap<>();
    if (request.description() != null) {
        extraInfo.put("description", request.description());
    }
    if (request.metadata() != null) {
        extraInfo.put("metadata", request.metadata().toString());
    }
    extraInfo.put("expiry", Long.toString(request.expiry()));
    auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, user, name, extraInfo));
    long secretId = secret.getId();
    // Groups that do not resolve to an id yield an empty Optional and are skipped silently.
    groupsToGroupIds(request.groups()).forEach((maybeGroupId) ->
        maybeGroupId.ifPresent((groupId) ->
            aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
    return Response.created(uriBuilder.build()).build();
}
Also used : Secret(keywhiz.api.model.Secret) Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) ContentCryptographer(keywhiz.service.crypto.ContentCryptographer) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Group(keywhiz.api.model.Group) SecretVersion(keywhiz.api.model.SecretVersion) CreateSecretRequestV2(keywhiz.api.automation.v2.CreateSecretRequestV2) HOURS(java.time.temporal.ChronoUnit.HOURS) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Base64(java.util.Base64) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) SecretDAOFactory(keywhiz.service.daos.SecretDAO.SecretDAOFactory) SecretContent(keywhiz.api.model.SecretContent) PathParam(javax.ws.rs.PathParam) SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) AclDAO(keywhiz.service.daos.AclDAO) SanitizedSecretWithGroups(keywhiz.api.model.SanitizedSecretWithGroups) GET(javax.ws.rs.GET) Auth(io.dropwizard.auth.Auth) PartialUpdateSecretRequestV2(keywhiz.api.automation.v2.PartialUpdateSecretRequestV2) HashMap(java.util.HashMap) SecretSeriesDAO(keywhiz.service.daos.SecretSeriesDAO) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) ImmutableList(com.google.common.collect.ImmutableList) SecretDAO(keywhiz.service.daos.SecretDAO) SecretBuilder(keywhiz.service.daos.SecretController.SecretBuilder) AuditLog(keywhiz.log.AuditLog) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) SecretSeriesDAOFactory(keywhiz.service.daos.SecretSeriesDAO.SecretSeriesDAOFactory) Readonly(keywhiz.service.config.Readonly) UTF_8(java.nio.charset.StandardCharsets.UTF_8) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) SetSecretVersionRequestV2(keywhiz.api.automation.v2.SetSecretVersionRequestV2) SecretController(keywhiz.service.daos.SecretController) EventTag(keywhiz.log.EventTag) Collectors.toList(java.util.stream.Collectors.toList) CreateOrUpdateSecretRequestV2(keywhiz.api.automation.v2.CreateOrUpdateSecretRequestV2) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) PUT(javax.ws.rs.PUT)
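The handler above accepts a JSON CreateSecretRequestV2, answers 201 with a Location header on success and 409 when the name is already taken (the DataAccessException is mapped to ConflictException). The following is an added client-side example in Python, not Keywhiz's own code (which is Java) and not taken from the tests: it builds the request body, sends it over mutual TLS, and interprets the two documented responses. Assumptions, labelled in the comments: the JSON property names equal the request accessors used by createSecret (name, content, description, metadata, expiry, type, groups); the automation client authenticates with a client certificate; the host, port and certificate file paths are placeholders.

```python
"""Added example (not Keywhiz's own code): create a secret through the
automation v2 API, mirroring what SecretResource.createSecret expects."""
import base64
import http.client
import json
import ssl
from typing import Dict, Iterable, Mapping, Optional
from urllib.parse import unquote, urlsplit

# Resource path asserted by the tests' Location check: /automation/v2/secrets/<name>
SECRETS_PATH = "/automation/v2/secrets"


class SecretAlreadyExists(Exception):
    """Raised on 409: createSecret turns a DataAccessException into ConflictException."""


def build_create_secret_request(
    name: str,
    content: bytes,
    description: str = "",
    metadata: Optional[Mapping[str, str]] = None,
    secret_type: str = "",
    expiry: int = 0,
    groups: Iterable[str] = (),
) -> Dict[str, object]:
    """Build the JSON body for CreateSecretRequestV2.

    Assumption: wire names equal the accessor names used by createSecret.
    Content travels as base64 text, as in the tests (encoder.encodeToString),
    so arbitrary bytes never need to be valid UTF-8 or JSON-escaped.
    """
    if not name:
        raise ValueError("secret name must not be empty")
    meta = dict(metadata or {})
    if any(not isinstance(k, str) or not isinstance(v, str) for k, v in meta.items()):
        raise ValueError("metadata must be a flat string-to-string map")
    if expiry < 0:
        raise ValueError("expiry is epoch seconds; 0 means no expiry")
    return {
        "name": name,
        "content": base64.b64encode(content).decode("ascii"),
        "description": description,
        "metadata": meta,
        "expiry": int(expiry),
        "type": secret_type,
        "groups": list(groups),
    }


def handle_create_response(status: int, headers: Mapping[str, str], name: str) -> str:
    """Map createSecret's status codes to a result: 201 -> path of the new secret."""
    if status == 201:
        location = headers.get("Location") or headers.get("location") or ""
        path = unquote(urlsplit(location).path)
        expected = SECRETS_PATH + "/" + name
        if path != expected:
            raise RuntimeError("unexpected Location %r, wanted %r" % (path, expected))
        return path
    if status == 409:
        raise SecretAlreadyExists(name)
    raise RuntimeError("createSecret for %s failed with HTTP %d" % (name, status))


def create_secret(host: str, port: int, client_cert: str, client_key: str,
                  ca_file: str, request: Dict[str, object]) -> str:
    """POST the request over mutual TLS.

    Assumption: the automation client is identified by its client certificate
    (that is what populates @Auth AutomationClient); file paths are placeholders.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(client_cert, client_key)
    conn = http.client.HTTPSConnection(host, port, context=ctx)
    try:
        conn.request("POST", SECRETS_PATH, body=json.dumps(request),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        resp.read()  # drain the (uninteresting) body so the connection is reusable
        return handle_create_response(resp.status, dict(resp.getheaders()),
                                      str(request["name"]))
    finally:
        conn.close()


if __name__ == "__main__":
    req = build_create_secret_request("secret1", b"supa secret", "desc",
                                      {"owner": "root", "mode": "0440"}, "password",
                                      groups=["testGroup"])
    print(json.dumps(req, indent=2))
    # create_secret("keywhiz.example", 4444, "client.crt", "client.key", "ca.crt", req)
```

Two things to keep in mind when using this against the handler above: group names that do not resolve are skipped silently (the Optional is empty, so findAndAllowAccess never runs), so verify the ACL after creation rather than trusting the 201; and the audit event records description, metadata and expiry verbatim, so nothing sensitive belongs in metadata.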

Example 2 with CreateSecretRequestV2

Use of keywhiz.api.automation.v2.CreateSecretRequestV2 in project keywhiz by square.

Class SecretResourceTest, method createSecret_successUnVersioned.

//---------------------------------------------------------------------------------------
// createSecret
//---------------------------------------------------------------------------------------
@Test
public void createSecret_successUnVersioned() throws Exception {
    CreateSecretRequestV2 request = CreateSecretRequestV2.builder()
        .name("secret1")
        .content(encoder.encodeToString("supa secret".getBytes(UTF_8)))
        .description("desc")
        .metadata(ImmutableMap.of("owner", "root", "mode", "0440"))
        .type("password")
        .build();
    Response httpResponse = create(request);
    assertThat(httpResponse.code()).isEqualTo(201);
    URI location = URI.create(httpResponse.header(LOCATION));
    assertThat(location.getPath()).isEqualTo("/automation/v2/secrets/secret1");
}
Also used : Response(okhttp3.Response) CreateSecretRequestV2(keywhiz.api.automation.v2.CreateSecretRequestV2) URI(java.net.URI) Test(org.junit.Test)

Example 3 with CreateSecretRequestV2

Use of keywhiz.api.automation.v2.CreateSecretRequestV2 in project keywhiz by square.

Class SecretResourceTest, method secretInfo_success.

@Test
public void secretInfo_success() throws Exception {
    // Sample secret
    create(CreateSecretRequestV2.builder()
        .name("secret6")
        .content(encoder.encodeToString("supa secret6".getBytes(UTF_8)))
        .description("desc")
        .metadata(ImmutableMap.of("owner", "root", "mode", "0440"))
        .type("password")
        .build());
    SecretDetailResponseV2 response = lookup("secret6");
    assertThat(response.name()).isEqualTo("secret6");
    assertThat(response.createdBy()).isEqualTo("client");
    assertThat(response.description()).isEqualTo("desc");
    assertThat(response.type()).isEqualTo("password");
    assertThat(response.metadata()).isEqualTo(ImmutableMap.of("owner", "root", "mode", "0440"));
    // These values are left out for a series lookup as they pertain to a specific secret.
    assertThat(response.content()).isEmpty();
    assertThat(response.size().longValue()).isZero();
}
Also used : SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) Test(org.junit.Test)

Example 4 with CreateSecretRequestV2

Use of keywhiz.api.automation.v2.CreateSecretRequestV2 in project keywhiz by square.

Class SecretResourceTest, method backfillExpirationTest.

//---------------------------------------------------------------------------------------
// backfillExpiration
//---------------------------------------------------------------------------------------
@Test
public void backfillExpirationTest() throws Exception {
    byte[] certs = Resources.toByteArray(Resources.getResource("fixtures/expiring-certificates.crt"));
    byte[] pubring = Resources.toByteArray(Resources.getResource("fixtures/expiring-pubring.gpg"));
    byte[] p12 = Resources.toByteArray(Resources.getResource("fixtures/expiring-keystore.p12"));
    byte[] jceks = Resources.toByteArray(Resources.getResource("fixtures/expiring-keystore.jceks"));
    create(CreateSecretRequestV2.builder().name("certificate-chain.crt").content(encoder.encodeToString(certs)).build());
    create(CreateSecretRequestV2.builder().name("public-keyring.gpg").content(encoder.encodeToString(pubring)).build());
    create(CreateSecretRequestV2.builder().name("keystore.p12").content(encoder.encodeToString(p12)).build());
    create(CreateSecretRequestV2.builder().name("keystore.jceks").content(encoder.encodeToString(jceks)).build());
    Response response = backfillExpiration("certificate-chain.crt", ImmutableList.of());
    assertThat(response.isSuccessful()).isTrue();
    response = backfillExpiration("public-keyring.gpg", ImmutableList.of());
    assertThat(response.isSuccessful()).isTrue();
    response = backfillExpiration("keystore.p12", ImmutableList.of("password"));
    assertThat(response.isSuccessful()).isTrue();
    response = backfillExpiration("keystore.jceks", ImmutableList.of("password"));
    assertThat(response.isSuccessful()).isTrue();
    SecretDetailResponseV2 details = lookup("certificate-chain.crt");
    assertThat(details.expiry()).isEqualTo(1501533950);
    details = lookup("public-keyring.gpg");
    assertThat(details.expiry()).isEqualTo(1536442365);
    details = lookup("keystore.p12");
    assertThat(details.expiry()).isEqualTo(1681596851);
    details = lookup("keystore.jceks");
    assertThat(details.expiry()).isEqualTo(1681596851);
}
Also used : Response(okhttp3.Response) SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) Test(org.junit.Test)
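The test above creates secrets with no expiry, calls backfillExpiration, and then expects the server to have derived an expiry from the stored content: a PEM chain, a GPG keyring, and two keystores unlocked with the password "password". What follows is an added Python example, not Keywhiz's own implementation, showing the certificate-chain case: walk the DER of each certificate to its Validity.notAfter and take the earliest one across the chain, since the chain as a whole stops validating when any link does. Assumptions: that the server uses the earliest notAfter (the conservative rule) rather than the leaf's; the keystore and GPG cases are not covered; the certificates in the block are constructed, unsigned DER shells for exercising the parser offline and are not the fixtures from the test.

```python
"""Added example (not Keywhiz's own code): derive an expiry for a .crt secret
from the earliest notAfter across a PEM certificate chain."""
import base64
import calendar
import re
import time
from typing import List, Tuple

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _tlv(tag: int, value: bytes) -> bytes:
    """DER-encode one tag/length/value (definite lengths up to 65535 suffice here)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    if n < 0x100:
        return bytes([tag, 0x81, n]) + value
    return bytes([tag, 0x82, n >> 8, n & 0xFF]) + value


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the TLV at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low bits give the length of the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def _children(value: bytes) -> List[Tuple[int, bytes]]:
    """Split a constructed value (a SEQUENCE body) into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = _read_tlv(value, pos)
        out.append((tag, v))
    return out


def _time_to_epoch(tag: int, value: bytes) -> int:
    """RFC 5280 Time: UTCTime (0x17, YYMMDDHHMMSSZ) or GeneralizedTime (0x18, YYYYMMDDHHMMSSZ)."""
    s = value.decode("ascii")
    if tag == 0x17:                        # UTCTime century rule: 50..99 -> 19xx, 00..49 -> 20xx
        yy = int(s[:2])
        s = "%04d%s" % (1900 + yy if yy >= 50 else 2000 + yy, s[2:])
    elif tag != 0x18:
        raise ValueError("not a Time: tag 0x%02x" % tag)
    return calendar.timegm(time.strptime(s, "%Y%m%d%H%M%SZ"))


def cert_not_after(der: bytes) -> int:
    """notAfter of one DER certificate, as epoch seconds.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, ... }
    """
    _, cert, _ = _read_tlv(der, 0)
    _, tbs, _ = _read_tlv(cert, 0)
    fields = _children(tbs)
    if fields[0][0] == 0xA0:               # v2/v3 carry an explicit [0] version; v1 omits it
        fields = fields[1:]
    validity = _children(fields[3][1])     # serialNumber, signature, issuer, validity
    return _time_to_epoch(*validity[1])    # validity = { notBefore, notAfter }


def chain_expiry(pem_bundle: str) -> int:
    """Earliest notAfter over every certificate in the bundle (assumed server rule)."""
    ders = [base64.b64decode("".join(m.split())) for m in PEM_CERT.findall(pem_bundle)]
    if not ders:
        raise ValueError("no PEM certificates in content")
    return min(cert_not_after(d) for d in ders)


def constructed_certificate_pem(not_after: str, v1: bool = False) -> str:
    """Constructed test input: a structurally valid but UNSIGNED certificate shell
    (not a real certificate) whose Validity carries the given UTCTime notAfter."""
    sha256_rsa = _tlv(0x06, bytes([0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B]))
    alg = _tlv(0x30, sha256_rsa + _tlv(0x05, b""))
    empty_name = _tlv(0x30, b"")
    validity = _tlv(0x30, _tlv(0x17, b"170101000000Z") + _tlv(0x17, not_after.encode("ascii")))
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00"))
    tbs = b"" if v1 else _tlv(0xA0, _tlv(0x02, b"\x02"))
    tbs += _tlv(0x02, b"\x01") + alg + empty_name + validity + empty_name + spki
    cert = _tlv(0x30, _tlv(0x30, tbs) + alg + _tlv(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % "\n".join(lines)


if __name__ == "__main__":
    bundle = constructed_certificate_pem("250630120000Z") + constructed_certificate_pem("300101000000Z", v1=True)
    print(chain_expiry(bundle))
```

The parser deliberately reads only the fields it needs and does not check signatures: the goal is to extract a date from content that the server already trusts, as backfillExpiration does, not to validate the chain. The v1 branch matters in practice because older root certificates omit the version field, which shifts every index in tbsCertificate by one.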

Example 5 with CreateSecretRequestV2

Use of keywhiz.api.automation.v2.CreateSecretRequestV2 in project keywhiz by square.

Class SecretResourceTest, method deleteSecretSeries_success.

@Test
public void deleteSecretSeries_success() throws Exception {
    // Sample secret
    create(CreateSecretRequestV2.builder().name("secret12").content(encoder.encodeToString("supa secret12".getBytes(UTF_8))).build());
    createGroup("testGroup");
    ModifyGroupsRequestV2 request = ModifyGroupsRequestV2.builder().addGroups("testGroup", "secret12").build();
    List<String> groups = modifyGroups("secret12", request);
    // Delete works
    assertThat(deleteSeries("secret12").code()).isEqualTo(204);
    // Subsequent deletes can't find the secret series
    assertThat(deleteSeries("secret12").code()).isEqualTo(404);
}
Also used : ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) Test(org.junit.Test)
